posted 15 years ago
You have to understand that with user integration there are actually three main areas:
1) User Authentication (UA) - Is this user a valid user or not?
2) User Information (UI) - What is the user's real name, e-mail, signature, avatar, and the like.
3) User Access Rights (UAR) - What groups does the User belong too.
In order for jForum's built in security to work (UAR), there needs to be an entry in the jForum users table. Also, for the forums to display info about the poster (UI), there also needs to be a user database entry.
With the default SSO, the design is oriented to managing UA only. jForum UI is different from the authentication source UI. Each has it's own ways that users can change this.
However, most sites don't want to have two places for people to manage their UI. So, some decisions have to be made about how to do this. The easiest, IMHO, is to use the authenticate user method to map and synchronize data between the two UI sources. E.g., decide which information is managed where.
In the case of another "UI" db table, this means you need to have an SSO implementation that not only verify who the user is, but also maps your user DB entry to jForum's user entry and synchronized the data by either creating a new entry or updating an existing one.
FWIW, the quick way to keep people from updating things in jForum that need to be updated in your application is to modify the profile template and remove the fields you don't want them to update.
To be complete, there is another option that jForum supplies for UA. If you don't want SSO, i.e. people log in to your app with your login screen and to jForum using jForum's login screens, you can use the LoginAuthenticator interface. This gets called by the jForum login screens. You'll still need to figure out your UI strategy for this, too.
but still want shared UA
[originally posted on jforum.net by monroe]